

Rewterz Threat Alert – APT29 Cozy Bear – Active IOCs
August 26, 2022
Rewterz Threat Alert – RedLine Stealer – Active IOCs
August 26, 2022
Severity
Medium
Analysis Summary
AveMaria RAT, also known as WarzoneRAT, is a remote access trojan that targets Windows systems. It provides the capability to gain unauthorized access to a victim's PC or to carry out covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. Like most malware, AveMaria first arrives on systems through phishing emails (disguised as invoices and shipping orders), but it is also available on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.